

<?php 
//include_once('db_connect.php');
if(isset($_POST)) {

	$id = $_POST['id'];
	$old = $_POST['oldpass'];
	$new = $_POST['newpass'];

	echo($id." ".$old." ".$new);
	// Endcode to md5
	$old = md5($old);
	$new = md5($new);	
	/*
	$connect = new Connect();
	$mysqli = $connect->getMysqli();

	$sql = "SELECT PassWord FROM USER WHERE UserID = ?";

		$prSelect = $mysqlif->prepare($sql);

		if(!$prSelect) {
			echo "Prepare failed: (" .$mysqli->errno. ") " .$mysqli->error;
		}

		//Bind
		$prSelect->bind_param('i', $userID);

		if(!$prSelect->execute()) {
			echo "Execute Error: (" .$prSelect->errno. ") " .$prSelect->error;
		}

		// Get result
		$result = $prSelect->get_result();
		$row = $result->fetch_assoc();

		$db_pass = $row['PassWord'];

		if($db_pass != $user->getPassWord()) {
			echo "old pass is incorrect";
		}

		$sqlUpdate = "UPDATE USER SET (PassWord) VALUES (?) WHERE UserID = ?";
		$prUpdate = $mysqli->prepare($sqlUpdate);

		if(!$prUpdate) {
			echo "Prepare failed: (" .$mysqli->errno. ") " .$mysqli->error;
		}

		//Bind
		$prUpdate->bind_param('s', $new);

		if(!$prUpdate->execute()) {
			echo "Execute Error: (" .$prSelect->errno. ") " .$prSelect->error;
		}
	echo "Update pass succuess";*/
}

?>